Rowland Penny
2022-Apr-07 15:54 UTC
[Samba] Samba AD DC on a trust relationship with IdM - kpasswd not working porperly
On Thu, 2022-04-07 at 12:39 -0300, Mateo Duffour via samba wrote:> Hi, > > We've updated our Samba server version to 4.16.0 and we're getting > this error now (when trying to login with any user): > > Apr 07 11:50:46 idmsrvpru.idmpru.xxx.xxx.xx krb5_child[4846]: Error > constructing AP-REQ armor: Server > krbtgt/ADTEST.xxx.xxx.xx at IDMPRU.xxx.xxx.xx not found in Kerberos > database > Apr 07 11:50:46 idmsrvpru.idmpru.xxx.xxx.xx krb5_child[4846]: Error > constructing AP-REQ armor: Server > krbtgt/ADTEST.xxx.xxx.xx at IDMPRU.xxx.xxx.xx not found in Kerberos > database > Apr 07 11:50:46 idmsrvpru.idmpru.xxx.xxx.xx sshd[4842]: > pam_sss(sshd:auth): authentication failure; logname= uid=0 euid=0 > tty=ssh ruser= rhost=10.9.9.4 user=usu7 at adtest.xxx.xxx.xx > Apr 07 11:50:46 idmsrvpru.idmpru.xxx.xxx.xx sshd[4842]: > pam_sss(sshd:auth): received for user usu7 at adtest.xxx.xxx.xx: 4 > (System error) > Apr 07 11:50:48 idmsrvpru.idmpru.xxx.xxx.xx sshd[4840]: error: PAM: > Authentication failure for usu7 at adtest.xxx.xxx.xx from 10.9.9.4 > > Any help is appreciated, regards.None of that appears to be coming from Samba, could it be coming from sssd ? If so, I suggest you ask on the sssd-users mailing list. Rowland
Mateo Duffour
2022-Apr-13 17:35 UTC
[Samba] Samba AD DC on a trust relationship with IdM - kpasswd not working porperly
Hi, We've configured a two way trust of IdM with our Samba 4.16.0, now we are getting the same behavior mentioned on the Samba https://bugzilla.samba.org/show_bug.cgi?id=15021 Many thanks. Lic. Mateo Duffour Unidad Inform?tica 2901.40.91 [ http://maps.apple.com/?q=18%20de%20julio%20985%20-%20Piso%204,Montevideo,Uruguay | 18 de julio 985 - Piso 3, Montevideo, Uruguay ] [ http://www.fnr.gub.uy/ | ] No me imprimas si no es necesario. Protejamos el medio ambiente. Este mensaje y la informaci?n adjunta al mismo est? dirigido exclusivamente a su destinatario. Puede contener informaci?n confidencial, privilegiada o de uso restringido, protegida por las normas. Si Ud. recibi? este e-mail por error, por favor, s?rvase notificarle a quien se lo envi? y borrar el original. Cualquier otro uso del e-mail por Ud. est? prohibido. ----- Original Message ----- From: "Rowland Penny via samba" <samba at lists.samba.org> To: "samba" <samba at lists.samba.org> Cc: "Rowland Penny" <rpenny at samba.org> Sent: Thursday, 7 April, 2022 12:54:27 Subject: Re: [Samba] Samba AD DC on a trust relationship with IdM - kpasswd not working porperly On Thu, 2022-04-07 at 12:39 -0300, Mateo Duffour via samba wrote:> Hi, > > We've updated our Samba server version to 4.16.0 and we're getting > this error now (when trying to login with any user): > > Apr 07 11:50:46 idmsrvpru.idmpru.xxx.xxx.xx krb5_child[4846]: Error > constructing AP-REQ armor: Server > krbtgt/ADTEST.xxx.xxx.xx at IDMPRU.xxx.xxx.xx not found in Kerberos > database > Apr 07 11:50:46 idmsrvpru.idmpru.xxx.xxx.xx krb5_child[4846]: Error > constructing AP-REQ armor: Server > krbtgt/ADTEST.xxx.xxx.xx at IDMPRU.xxx.xxx.xx not found in Kerberos > database > Apr 07 11:50:46 idmsrvpru.idmpru.xxx.xxx.xx sshd[4842]: > pam_sss(sshd:auth): authentication failure; logname= uid=0 euid=0 > tty=ssh ruser= rhost=10.9.9.4 user=usu7 at adtest.xxx.xxx.xx > Apr 07 11:50:46 idmsrvpru.idmpru.xxx.xxx.xx sshd[4842]: > pam_sss(sshd:auth): received for user usu7 at adtest.xxx.xxx.xx: 4 > (System error) > Apr 07 11:50:48 idmsrvpru.idmpru.xxx.xxx.xx sshd[4840]: error: PAM: > Authentication failure for usu7 at adtest.xxx.xxx.xx from 10.9.9.4 > > Any help is appreciated, regards.None of that appears to be coming from Samba, could it be coming from sssd ? If so, I suggest you ask on the sssd-users mailing list. Rowland -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba